From 8be248921e6443c2c307ce26da0f428e2aa6817d Mon Sep 17 00:00:00 2001
From: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
Date: Wed, 29 Jul 2020 17:34:58 +0200
Subject: [PATCH] fix(hasura): force load pg-user fixed secret in preprod/prod

---
 .k8s/components/hasura.ts | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.k8s/components/hasura.ts b/.k8s/components/hasura.ts
index da281362..77bfa42a 100644
--- a/.k8s/components/hasura.ts
+++ b/.k8s/components/hasura.ts
@@ -1,9 +1,29 @@
 import env from "@kosko/env";
+import { SealedSecret } from "@kubernetes-models/sealed-secrets/bitnami.com/v1alpha1/SealedSecret";
 
 import { create } from "@socialgouv/kosko-charts/components/hasura";
+import { loadYaml } from "@socialgouv/kosko-charts/utils/getEnvironmentComponent";
+import { updateMetadata } from "@socialgouv/kosko-charts/utils/updateMetadata";
+import gitlab from "@socialgouv/kosko-charts/environments/gitlab";
 
 const manifests = create({
   env,
 });
 
+if (env.env?.includes("prod") || env.env?.includes("preprod")) {
+  /* SEALED-SECRET */
+  // try to import environment sealed-secret
+  const secret = loadYaml<SealedSecret>(env, `pg-user.sealed-secret.yaml`);
+  if (secret) {
+    const envParams = gitlab(process.env);
+    // add gitlab annotations
+    updateMetadata(secret, {
+      annotations: envParams.annotations || {},
+      labels: envParams.labels || {},
+      namespace: envParams.namespace,
+    });
+    manifests.unshift(secret);
+  }
+}
+
 export default manifests;